Compare commits


No commits in common. "a9623b63f13da9d711a5e628a2bff657a59c338a" and "e4b0ed2fc2c8949aeab4fe3823cc79191bfadcdb" have entirely different histories.

19 changed files with 50 additions and 185 deletions

1
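--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,2 @@
 .venv
 .vscode
-.vault_pass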
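Review bot: With `.vault_pass` dropped from the ignore list, a vault password file left in a working tree by the earlier `--vault-password-file .vault_pass` workflow becomes an ordinary untracked file that `git add .` will pick up. I would keep the `.vault_pass` line even if this revision no longer uses ansible-vault. An unused ignore entry costs nothing, while a committed vault password exposes every secret encrypted with it and stays in history after the file is deleted.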

3
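--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +0,0 @@
-[submodule "services"]
-path = services
-url = https://git.lgoon.xyz/gabriel/lgoon-services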


@ -6,20 +6,13 @@ This playbook was tested against a debian 12 image.
## Usage ## Usage
```bash ```bash
ansible-playbook run.yml ansible-playbook run.yml
ansible-playbook run.yml --ask-pass --ask-become-pass
ansible-playbook run.yml --vault-password-file .vault_pass
``` ```
## Variables ## Variables
Should be defined in `group_vars/server/vars.yml`: Should be defined in `group_vars/server/vars.yml`:
- **services_dir**: folder path containing all folders with docker-compose stacks. they should have the scructure `<service>/docker-compose.yml` and optionally include `<service>/.env` files - **services_dir**: fodler path containing all folders with docker-compose stacks. they should have the scructure `<service>/docker-compose.yml` and optionally include `<service>/.env` files
- **services**: list of services in the service_dir container all `<service>` folders - **services**: list of services in the service_dir container all `<service>` folders
- **packages**: utils packages for linxu environment
## Secrets
```bash
ansible-vault create secret.yml
ansible-vault edit secret
ansible-vault view secret
ansible-vault encrypt secret.yml
```


@ -1,8 +0,0 @@
packages:
- git
- htop
- rsync
- wget
base_services:
- managers
services_configs_dir: ""


@ -1,3 +0,0 @@
group_services:
- gitea
services: "{{ base_services + group_services }}"


@ -1,5 +0,0 @@
group_services:
- nextcloud
- syncthing
- immich
services: "{{ base_services + group_services }}"


@ -1,9 +0,0 @@
group_services:
# - pinry
# - piped
# - immich
# - monica
# - piwigo
# - vikunja
- syncthing
services: "{{ base_services + group_services }}"


@ -1,9 +0,0 @@
group_services:
# - pinry
# - piped
# - immich
# - monica
# - piwigo
# - vikunja
- syncthing
services: "{{ base_services + group_services }}"


@ -1,9 +0,0 @@
services:
# - pinry
# - piped
# - immich
# - monica
# - piwigo
# - vikunja
- syncthing
services: "{{ base_services + services }}"


@ -1,10 +1,10 @@
packages:
group_services: - git
# - pinry - htop
# - piped services:
# - immich - pinry
# - monica - immich
# - piwigo - monica
# - vikunja - piwigo
- syncthing - vikunja
services: "{{ base_services + group_services }}" services_dir: /home/gabriel/hosted


@ -1,9 +0,0 @@
group_services:
# - pinry
# - piped
# - immich
# - monica
# - piwigo
# - vikunja
- syncthing
services: "{{ global_services + group_services }}"


@ -1,24 +1,8 @@
file-server: server:
hosts: hosts:
debianpx: ec2-13-239-10-136.ap-southeast-2.compute.amazonaws.com:
ansible_host: 192.168.122.177
ansible_user: gabriel
ansible_become: yes
ansible_become_method: sudo
vars: vars:
source_services_dir: /home/gabriel/hosted ansible_user: admin
server_services_dir: /home/srv/services/configs ansible_ssh_private_key_file: /home/gabriel/dev/terraform/terraform-lab/ec2ml/my_ssh.pem
PERSISTENT_DIRECTORY: /home/srv/services/persistent PERSISTENT_DIRECTORY: /persistent
# VOLATILE_DIRECTORY: /home/gabriel/hosted/volatile VOLATILE_DIRECTORY: /volatile %
# BACKUPDIR: /home/gabriel/hosted/backup
# APPSDIR: /home/gabriel/hosted/apps
# MEDIADIR: /home/gabriel/hosted/media
media-servers:
hosts:
algrroca:
ansible_user: root
# ansible_ssh_private_key_file: /home/gabriel/.ssh/aws_ec2_ssh.pem
# PERSISTENT_DIRECTORY: /home/srv/raidded
# VOLATILE_DIRECTORY: /home/srv/mstorage
# ansible_sudo_pass:
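Review bot: The new `VOLATILE_DIRECTORY: /volatile %` value ends in ` %`; if that character is really in the file (it looks like a shell's missing-newline marker pasted along with the content), the variable resolves to `/volatile %` and every path built from it is wrong, so it should read `VOLATILE_DIRECTORY: /volatile`. The new side also commits a public EC2 hostname and an absolute `ansible_ssh_private_key_file` path into one developer's home directory. That ties the inventory to a single workstation and publishes where the key for that host lives. I would move the host-specific connection settings to an untracked `host_vars` file or to the operator's SSH config and keep only the group structure in the repository.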


@ -1 +0,0 @@
ansible


@ -1,10 +1,10 @@
--- ---
- name: Update packages - name: Update packages
ansible.builtin.apt: apt:
update_cache: true update_cache: yes
upgrade: true upgrade: yes
- name: Install essential packages - name: Install essential packages
ansible.builtin.package: package:
name: "{{ packages }}" name: "{{ packages }}"
state: latest state: latest
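Review bot: The new side calls modules by short name (`apt:`, `package:`) and writes booleans as `yes`. Fully qualified names such as `ansible.builtin.apt` make it unambiguous which collection supplies the module, and `true`/`false` is the form ansible-lint's truthy rule expects. The same applies to the `apt`, `apt_key`, `apt_repository`, `copy` and `include_tasks` calls in the later sections and to `become: yes` in run.yml. `upgrade: yes` combined with `state: latest` also means every run may pull different package versions, so a short comment saying that this is intended would help the next reader.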


@ -1,68 +1,46 @@
--- ---
- name: Install aptitude - name: Install aptitude
ansible.builtin.apt: apt:
name: aptitude name: aptitude
state: latest state: latest
update_cache: true update_cache: true
- name: Install required system packages - name: Install required system packages
ansible.builtin.apt: apt:
pkg: pkg:
- apt-transport-https - apt-transport-https
- ca-certificates - ca-certificates
- curl - curl
- gnupg - software-properties-common
- lsb-release
- python3-pip - python3-pip
- virtualenv - virtualenv
- python3-setuptools - python3-setuptools
state: latest state: latest
update_cache: true update_cache: true
- name: Download Docker GPG key - name: Add Docker GPG apt Key
ansible.builtin.get_url: apt_key:
url: https://download.docker.com/linux/debian/gpg url: https://download.docker.com/linux/debian/gpg
dest: /etc/apt/keyrings/docker.gpg state: present
mode: '0644'
- name: Add Docker GPG key to apt keyring
ansible.builtin.shell: |
gpg --dearmor < /etc/apt/keyrings/docker.gpg > /etc/apt/keyrings/docker.gpg.gpg
chmod 644 /etc/apt/keyrings/docker.gpg.gpg
args:
creates: /etc/apt/keyrings/docker.gpg.gpg
- name: Add Docker Repository - name: Add Docker Repository
ansible.builtin.apt_repository: apt_repository:
repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" repo: deb https://download.docker.com/linux/debian bookworm stable
state: present state: present
filename: docker
- name: Update apt and install docker-ce - name: Update apt and install docker-ce
ansible.builtin.apt: apt:
name: docker-ce name: docker-ce
state: latest state: latest
update_cache: true update_cache: true
- name: Update apt and install docker-compose
apt:
name: docker-compose
state: latest
update_cache: true
- name: Install Docker Module for Python - name: Install Docker Module for Python
ansible.builtin.pip: ansible.builtin.pip:
name: docker name: docker
extra_args: --break-system-packages extra_args: --break-system-packages
- name: adding existing user to group docker '{{ ansible_user }}'
ansible.builtin.user:
name: '{{ ansible_user }}'
groups: docker
append: true
- name: Ensure Docker service is started and enabled
ansible.builtin.service:
name: docker
state: started
enabled: true
- name: Ensure Docker Compose plugin is installed
ansible.builtin.apt:
name: docker-compose-plugin
state: latest
update_cache: true
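Review bot: The `apt_key` task places Docker's signing key in apt's global trusted keyring, and the new `repo:` line carries no `signed-by=` option, so that key is accepted for packages from every configured repository rather than only download.docker.com. `apt_key` is deprecated for this reason. I would keep the key in its own file under `/etc/apt/keyrings/` and scope the repository to it, e.g. `repo: "deb [signed-by=/etc/apt/keyrings/docker.gpg.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"`, which also avoids hard-coding `bookworm`. The key is fetched over HTTPS with no fingerprint or checksum comparison on either side, so pinning the expected fingerprint would make a swapped key fail the play instead of being trusted silently.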


@ -1,5 +1,5 @@
--- ---
- ansible.builtin.include_tasks: dependencies.yml - include_tasks: dependencies.yml
- ansible.builtin.include_tasks: install_docker.yml - include_tasks: install_docker.yml
- ansible.builtin.include_tasks: start_service.yml - include_tasks: start_service.yml
- ansible.builtin.include_tasks: nginx_config.yml - include_tasks: nginx_config.yml


@ -1,6 +1,6 @@
--- ---
- name: Copy service folder - name: Copy service folder
ansible.builtin.copy: copy:
src: "{{ services_dir }}/nginx-npm" src: "{{ services_dir }}/nginx-npm"
dest: /services/ dest: /services/


@ -1,32 +1,11 @@
--- ---
- name: Ensure services destination directory exists
ansible.builtin.file:
path: "{{ server_services_dir }}"
state: directory
mode: '0755'
owner: "{{ ansible_user | default('root') }}"
group: "{{ ansible_user | default('root') }}"
- name: Copy service folder - name: Copy service folder
ansible.builtin.copy: ansible.posix.synchronize:
src: "{{ source_services_dir }}/{{ item }}" src: "{{ services_dir }}/{{ item }}"
dest: "{{ server_services_dir }}" dest: /services/
mode: '0755'
owner: "{{ ansible_user | default('root') }}"
group: "{{ ansible_user | default('root') }}"
with_items: "{{ services }}" with_items: "{{ services }}"
- name: Docker Compose Start Service - name: Start Docker compose
community.docker.docker_compose_v2: community.docker.docker_compose:
project_src: "{{ server_services_dir }}/{{ item }}" project_src: "/services/{{ item }}"
# environment: "{{ compose_env }}"
check_files_existing: true
assume_yes: true
build: policy
wait: true
register: output
with_items: "{{ services }}" with_items: "{{ services }}"
async: 300
poll: 10
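Review bot: The `ansible.posix.synchronize` task pushes each service folder to `/services/` with whatever permissions the source tree has, and the README on this page says those folders may contain `.env` files; nothing on the new side creates `/services/` with a restrictive owner or mode. I would add an `ansible.builtin.file` task with `state: directory` and `mode: '0750'` before the copy, and set `rsync_opts: ["--chmod=D750,F640"]` on the synchronize task so compose secrets are not world-readable on the host. synchronize also needs rsync on the target, while the new package list visible on this page installs only git and htop. `community.docker.docker_compose` is the Compose v1 module, which recent community.docker releases no longer ship, so this task is likely to fail on an up-to-date control node.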

14
run.yml

@ -1,17 +1,5 @@
--- ---
- hosts: server - hosts: server
become: true become: yes
roles:
- role: webserver
# vars_files:
# - secret
- hosts: file-server
become: true
roles:
- role: webserver
- hosts: media-server
become: true
roles: roles:
- role: webserver - role: webserver